Feat: create a render deployment copy add test scripts

Author: PaperStrange

package-lock.json

@@ -0,0 +1,55 @@
+# TourAI Platform
+
+This folder contains the fullstack codebase for the TourGuideAI project, organized for easy deployment on Render using infrastructure-as-code.
+
+## Folder Structure
+
+- **backend/**: Node.js/Express backend API server
+- **frontend/**: React frontend application
+- **models/**: (Optional) ML models, data, or related code (not deployed to Render)
+- **render.yaml**: Render blueprint for automated deployment of backend and frontend as separate services
+
+---
+
+## Deployment on Render
+
+You can deploy both the backend and frontend as separate services on Render using the provided `render.yaml` blueprint.
+
+### 1. Prerequisites
+- Push this folder (with all contents) to your GitHub repository.
+- Make sure your backend `.env` file is set up (see `backend/.env`).
+
+### 2. Deploy with Render Blueprints
+1. Go to [Render Dashboard](https://dashboard.render.com/).
+2. Click **New Blueprint** and connect your GitHub repo.
+3. Render will auto-detect `render.yaml` and set up two services:
+   - **tourguideai-backend** (Node.js web service)
+   - **tourguideai-frontend** (Static site)
+4. Fill in required environment variables for the backend (see `backend/.env`).
+5. Click **Apply** to deploy both services.
+
+### 3. Service Details
+- **Backend**
+  - Root: `backend/`
+  - Build Command: `npm install`
+  - Start Command: `npm start`
+  - Set environment variables as needed (see `.env`)
+- **Frontend**
+  - Root: `frontend/`
+  - Build Command: `npm install && npm run build`
+  - Publish Directory: `build`
+  - (Optional) Set `REACT_APP_API_URL` to your backend's Render URL if needed
+
+### 4. Connecting Frontend to Backend
+- Update your frontend code to use the backend's Render URL for API requests (e.g., via `REACT_APP_API_URL`).
+- Set this variable in the frontend service's environment settings on Render if needed.
+
+---
+
+## Notes
+- The `models/` folder is not deployed to Render, but can be used for local development or future ML service integration.
+- For advanced configuration, edit `render.yaml` as needed.
+
+---
+
+For any issues, consult the main project documentation or Render's deployment docs. 

tourai_platform_deploy/README.md

@@ -0,0 +1,215 @@
+# TourGuideAI Server
+
+Backend server for the TourGuideAI application, handling secure token management, proxy services, and authentication.
+
+## Structure
+
+- **routes**: API endpoint route handlers
+- **middleware**: Express middleware functions
+- **utils**: Utility functions and helpers
+- **logs**: Server log files
+- **config**: Configuration files for different environments
+- **vault**: Secure token storage directory (created at runtime)
+- **scripts**: Administrative and utility scripts
+
+## Features
+
+- **Secure Token Management**: Centralized vault for all API keys, tokens, and secrets
+- **Token Rotation**: Automatic tracking of token age and rotation requirements
+- **Multiple Backend Support**: Local, AWS Secrets Manager, or HashiCorp Vault support
+- **Proxy Services**: Route client requests to external APIs (OpenAI, Google Maps)
+- **Rate Limiting**: Prevent API abuse and manage quotas
+- **Caching**: Reduce duplicate API calls and improve performance
+- **Authentication**: User authorization and access control
+- **Logging**: Comprehensive logging for debugging and monitoring
+
+## Getting Started
+
+1. Install dependencies:
+
+```bash
+npm install
+```
+
+2. Set up environment variables:
+
+```bash
+cp .env.example .env
+```
+
+Edit the `.env` file with your vault configuration and API keys.
+
+3. Start the development server:
+
+```bash
+npm run dev
+```
+
+## Token Management and Rotation
+
+TourGuideAI includes a comprehensive token management system to securely handle API keys, secrets, and credentials:
+
+### Automatic Rotation Detection
+
+The system automatically detects tokens that need rotation based on their age:
+
+| Token Type | Default Rotation Period |
+|------------|-------------------------|
+| API Keys   | 90 days                 |
+| JWT Secrets| 180 days                |
+| Encryption Keys | 365 days           |
+| OAuth Tokens | 30 days               |
+
+### Token Rotation Tool
+
+A dedicated command-line tool is included for securely rotating tokens:
+
+```bash
+npm run rotate-tokens
+```
+
+This interactive tool provides options to:
+- List tokens that need rotation
+- Rotate tokens securely
+- Add new tokens to the vault
+- List all tokens in the vault
+
+### Security Features
+
+- AES-256-GCM encryption for all stored tokens
+- Secure key derivation with salting
+- Token caching with short TTL to minimize vault access
+- Automatic clearing of tokens from memory
+- Support for hardware security modules (via AWS KMS)
+
+### Production Recommendations
+
+For production environments:
+1. Use a remote vault backend (AWS Secrets Manager or HashiCorp Vault)
+2. Set VAULT_BACKEND to 'aws' or 'hashicorp' in your environment
+3. Configure a secure rotation schedule with alerting
+4. Use the token rotation script in a secure environment only
+5. Consider using an HSM or KMS for the vault encryption key
+
+## Token Vault System
+
+TourGuideAI uses a secure token vault system to protect sensitive credentials:
+
+- **Centralized Management**: All tokens, API keys, and secrets are managed in one place
+- **Encryption**: AES-256-GCM encryption for all stored credentials
+- **Rotation Policy**: Configurable rotation periods based on token type
+- **Multiple Backends**: Support for local file-based vault, AWS Secrets Manager, or HashiCorp Vault
+- **Seamless Integration**: Legacy environment variables still work during transition
+
+### Vault Configuration
+
+Configure the vault in your `.env` file:
+
+```
+# Token Vault Configuration
+VAULT_BACKEND=local # Options: local, aws, hashicorp, in-memory
+VAULT_ENCRYPTION_KEY=your_vault_encryption_key_here
+VAULT_SALT=your_vault_salt_here
+VAULT_PATH=./vault/vault.enc # For local backend
+IMPORT_ENV_SECRETS=true # Import from environment variables on startup
+```
+
+### Token Types and Rotation Periods
+
+The vault supports different token types with appropriate rotation periods:
+
+| Token Type | Usage | Default Rotation Period |
+|------------|-------|-------------------------|
+| API Key | External service API keys | 90 days |
+| JWT Secret | Authentication tokens | 180 days |
+| Encryption Key | Data encryption | 365 days |
+| OAuth Token | OAuth authentication | 30 days |
+| Database | Database credentials | 180 days |
+
+## API Endpoints
+
+| Endpoint | Method | Description |
+|----------|--------|-------------|
+| `/api/openai/chat` | POST | Proxy to OpenAI Chat API |
+| `/api/maps/geocode` | GET | Proxy to Google Maps Geocoding API |
+| `/api/maps/directions` | GET | Proxy to Google Maps Directions API |
+| `/api/maps/places` | GET | Proxy to Google Maps Places API |
+| `/api/auth/login` | POST | User authentication |
+| `/api/auth/logout` | POST | User logout |
+| `/api/health` | GET | Server health check |
+| `/api/admin/tokens/rotation` | GET | List tokens needing rotation (admin only) |
+
+## Environment Configuration
+
+The server uses the following environment variables:
+
+- `NODE_ENV`: Application environment (development, production)
+- `PORT`: Server port (default: 3001)
+- `VAULT_BACKEND`: Token vault backend type (local, aws, hashicorp, in-memory)
+- `VAULT_ENCRYPTION_KEY`: Encryption key for the vault
+- `VAULT_SALT`: Salt for key derivation
+- `JWT_EXPIRY`: JWT token expiry time
+- `RATE_LIMIT_WINDOW_MS`: Rate limiting window in milliseconds
+- `RATE_LIMIT_MAX_REQUESTS`: Maximum requests per window
+
+For backward compatibility, the following legacy variables are still supported:
+
+- `OPENAI_API_KEY`: OpenAI API key
+- `GOOGLE_MAPS_API_KEY`: Google Maps API key
+- `JWT_SECRET`: Secret for signing JWT tokens
+- `ENCRYPTION_KEY`: Key for data encryption
+- `SENDGRID_API_KEY`: SendGrid API key
+
+## Folder Structure
+
+```
+server/
+├── logs/              # Log files (created at runtime)
+├── vault/             # Secure token storage (created at runtime)
+├── middleware/        # Express middleware
+│   ├── apiKeyValidation.js
+│   ├── authMiddleware.js
+│   ├── caching.js
+│   └── rateLimit.js
+├── routes/            # API route handlers
+│   ├── googlemaps.js
+│   ├── openai.js
+│   └── auth.js
+├── scripts/           # Utility and admin scripts
+│   └── rotateToken.js # Token rotation tool
+├── utils/             # Utility functions
+│   ├── vaultService.js
+│   ├── tokenProvider.js
+│   ├── jwtAuth.js
+│   └── logger.js
+├── .env               # Environment variables (create from .env.example)
+├── .env.example       # Example environment file
+├── package.json       # Project dependencies
+├── server.js          # Main server file
+└── test-server.js     # Test script
+```
+
+## Production Deployment
+
+When deploying to production, ensure:
+
+1. Set `NODE_ENV=production` in your environment
+2. Use a secure backend for the token vault (aws or hashicorp recommended)
+3. Configure proper `ALLOWED_ORIGIN` for CORS
+4. Set up a process manager like PM2 or run in Docker
+5. Use HTTPS with valid SSL certificates
+6. Set up proper monitoring and logging
+
+## Security Considerations
+
+- The vault encryption key and salt should be stored securely outside version control
+- In production, consider using a KMS (Key Management Service) for the vault encryption key
+- For highly secure environments, use a dedicated secrets manager like HashiCorp Vault
+- Enable automatic token rotation monitoring and notifications
+- Use environment-specific secrets with different rotation schedules
+- Implement the principle of least privilege for all service accounts
+- Never expose token rotation APIs to public networks
+
+## License
+
+MIT 

tourai_platform_deploy/backend/README.md

@@ -0,0 +1,79 @@
+/**
+ * Client for interacting with Google Maps API
+ */
+class GoogleMapsClient {
+  constructor() {
+    this.apiKey = process.env.GOOGLE_MAPS_API_KEY;
+  }
+
+  /**
+   * Validates if a location exists
+   * @param {string} locationName - Name of the location to validate
+   * @returns {Promise<Object>} - Validation result with location details
+   */
+  async validateLocation(locationName) {
+    try {
+      // Mock implementation for testing
+      return { 
+        valid: true, 
+        location: { 
+          lat: 48.8566, 
+          lng: 2.3522, 
+          address: 'Paris, France' 
+        } 
+      };
+    } catch (error) {
+      throw new Error(`Failed to validate location: ${error.message}`);
+    }
+  }
+
+  /**
+   * Gets attractions for a location
+   * @param {Object} location - Location coordinates and details
+   * @returns {Promise<Array>} - List of attractions
+   */
+  async getAttractions(location) {
+    try {
+      // Mock implementation for testing
+      return [
+        { name: 'Eiffel Tower', rating: 4.5, description: 'Famous tower' },
+        { name: 'Louvre Museum', rating: 4.8, description: 'World-class art museum' }
+      ];
+    } catch (error) {
+      throw new Error(`Failed to get attractions: ${error.message}`);
+    }
+  }
+
+  /**
+   * Gets accommodation options for a location
+   * @param {Object} location - Location coordinates and details
+   * @returns {Promise<Array>} - List of accommodations
+   */
+  async getAccommodations(location) {
+    try {
+      // Mock implementation for testing
+      return [
+        { name: 'Family Hotel Paris', rating: 4.2, price_range: '€€' },
+        { name: 'Paris Apartment', rating: 4.5, price_range: '€€€' }
+      ];
+    } catch (error) {
+      throw new Error(`Failed to get accommodations: ${error.message}`);
+    }
+  }
+
+  /**
+   * Gets available transportation options for a location
+   * @param {Object} location - Location coordinates and details
+   * @returns {Promise<Array>} - List of transportation options
+   */
+  async getTransportOptions(location) {
+    try {
+      // Mock implementation for testing
+      return ['Metro', 'Bus', 'Taxi'];
+    } catch (error) {
+      throw new Error(`Failed to get transport options: ${error.message}`);
+    }
+  }
+}
+
+module.exports = new GoogleMapsClient();